domain mapping, multi-domains and ssl

I need to install an ssl certificate on a mapped domain in my multi-site network.

There seems to be several posts about this, most seem kind of old, so I am just wondering what sort of certificate I should purchase - the mapped domain, or a wildcard subdomain ssl so that they area all covered somehow?

Advice appreciated!